[PROPOSAL] bare response / bare request
Martin Atkins
mart at degeneration.co.uk
Thu Oct 19 18:24:09 UTC 2006
Dick Hardt wrote:
> Motivating Use Case
> ----------------------------
> The IdP would like to allow the user to click a link on the IdP to
> login to an RP. This requires a bare response to be able to be sent.
> A Trusted Party, acting as an RP would like to store a value at the
> IdP, but does not need the IdP to send the user back, a bare request
> is needed.
>
>
> Proposed Implementation
> -----------------------------------
> bare request: if the openid.return_to parameter is missing or blank,
> then the IdP will not send the user back to the RP
>
> bare response: sending a bare response is valid (not sure we need to
> do anything more then say it is OK to do)
It sounds to me that this "bare response" thing is just a special case
of the "rich clients" we're discussing right now in a separate thread.
The IdP is just using redirects to make a dumb browser act like a rich
client.
If rich clients were implemented in the way I've been promoting [1],
IdPs would then be able to make use of the same mechanism.
[1] http://openid.net/pipermail/specs/2006-October/000596.html
More information about the specs
mailing list